Setting Up KeyLocker Values

To use lando/code-sign-action with your KeyLocker-distributed cert, you'll want to save sensitive values as GitHub Secrets, which then can be provided as inputs to lando/code-sign-action when you implement it in your GitHub Actions Workflow.

  1. Add KEYLOCKER_CLIENT_CERT
  • Cert is generated by an authorized signer user in the DigiCert One interface: https://one.digicert.com/account/access/administrators
  • Cert is only downloadable (and its password shown) once on creation.
  • Certs can't be uploaded into Keychain on macOS due to incompatibilities with openssl versions: https://discussions.apple.com/thread/254518218
  • Use openssl to open the cert (a .p12 file is a PKCS#12 bundle, so read it with the pkcs12 subcommand and pipe the certificate to x509): openssl pkcs12 -in your_cert.p12 -nokeys | openssl x509 -text -noout
  • Base64 encode the cert: base64 -i your_cert.p12 -o encoded_cert.b64
  • Save the base64 encoded cert as a GitHub Secret (KEYLOCKER_CLIENT_CERT)
  2. Add KEYLOCKER_CLIENT_CERT_PASSWORD
  • Add the password you stored from Step 1 as a GitHub Secret (KEYLOCKER_CLIENT_CERT_PASSWORD)
  3. Add KEYLOCKER_API_KEY
  4. Add KEYLOCKER_CERT_SHA1_HASH
  5. Add KEYLOCKER_KEYPAIR_ALIAS
  6. Hardcode keylocker-host value

As of this writing, all KeyLocker instances use the host value https://clientauth.one.digicert.com. Provide that value directly to lando/code-sign-action for the keylocker-host input.
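
A pre-flight check for steps 1 and 2, added here as an example and not part of lando/code-sign-action: it confirms the saved password opens the .p12, writes the base64 as a single line, and verifies that it decodes back to the original bytes before the value goes into GitHub Secrets. The function names and the P12_PASSWORD environment variable are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks before saving KEYLOCKER_CLIENT_CERT.
# Function names and P12_PASSWORD are assumptions of this example.

# Confirm the stored password opens the bundle. The password is read from
# the P12_PASSWORD environment variable so it stays out of the argument list.
p12_opens() {
  openssl pkcs12 -in "$1" -noout -passin env:P12_PASSWORD 2>/dev/null
}

# Emit the file as ONE base64 line (works with both GNU and macOS base64).
encode_p12() {
  base64 < "$1" | tr -d '\r\n'
}

# Succeed only if the encoded file is a single line that decodes back to
# exactly the bytes of the original .p12.
verify_encoded() {
  local p12="$1" encoded="$2" tmp rc=0
  [ "$(wc -l < "$encoded")" -le 1 ] || { echo "secret spans multiple lines" >&2; return 1; }
  tmp="$(mktemp)"
  base64 --decode < "$encoded" > "$tmp" 2>/dev/null && cmp -s "$p12" "$tmp" || rc=1
  rm -f "$tmp"
  [ "$rc" -eq 0 ] || echo "decoded secret differs from $p12" >&2
  return "$rc"
}

# When called with a .p12 path: check the password, encode, verify.
if [ "$#" -eq 1 ]; then
  p12_opens "$1" || { echo "password does not open $1" >&2; exit 1; }
  encode_p12 "$1" > encoded_cert.b64
  verify_encoded "$1" encoded_cert.b64 &&
    echo "encoded_cert.b64 is ready to save as KEYLOCKER_CLIENT_CERT"
fi
```

Run it with the password exported in P12_PASSWORD and the .p12 path as the only argument. Delete encoded_cert.b64 once the secret is saved.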

For further reference...